• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 579
  • Last Modified:

Setup route map for icmp packets

I have two dsl lines coming into one router.  I have a default route that goes out g0/1.  I can't ping g0/0 from the outside because when the ping is being sent back out ir uses the default route and it needs to use the route out the g0/0 interface.  I think I can use policy based routing for this but so far haven't got it right.

Can you give me the steps to set a route map that matched icmp traffic and sets the next-hop ip to ne g0/0.  I think this should allow me to ping g0/0 from the outside.
0
dmwynne
Asked:
dmwynne
  • 2
1 Solution
 
IronmannenCommented:
Hello
This is a clear and simple example of what you want to do (with some minor modifications of course)
http://www.petri.co.il/how-to-use-cisco-ios-policy-based-routing-features.htm
0
 
dmwynneAuthor Commented:
So I setup my access list as follows:

access-list 130 permit icmp any host x.x.x.x-external ip
access-list 130 permit ip any any

Setup route map:

route-map ICMP permit 130
 match ip address 130
 set ip next-hop x.x.x.x-external ip

Then is applied the route map to the interface.  I'm not getting any hits on the route map when running a show route-map.
0
 
IronmannenCommented:
Hello
Yes there is a problem since one packet (echo) enters the router and another (echo-reply) exits the router which means that the packet marked for a route does not exist, you can try it the other but I do not know if it is helpful fro you this way:

conf t
ip local policy route-map ICMP
//activates route-map on traffic sourced from the router

access-list 140 permit icmp host 192.168.2.2 any
//192.168.2.2 is my router interface (source)

route-map ICMP permit 10
 match ip address 140
 set ip next-hop 192.168.2.1

The command debug ip policy is very helpful when troubleshooting route-maps:
*Mar  1 03:32:20.115: IP: route map ICMP, item 10, permit
*Mar  1 03:32:20.115: IP: s=192.168.2.2 (local), d=192.168.0.2 (FastEthernet0/1), len 100, policy routed
*Mar  1 03:32:20.115: IP: local to FastEthernet0/1 192.168.2.1
*Mar  1 03:32:20.167: IP: s=192.168.2.2 (local), d=192.168.0.2, len 100, policy match


0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now